YesWeHack ⠵

Ever abused a wildcard to inject shell arguments? 👀 In the latest episode of #TalkiePwnii, @pwnwithlove dives into a community-made Dojo challenge by @zerodaygym! From argument injection to full directory search - see it in action 👇 youtu.be/xsaa7dBn1jg

@askilow That's great! Congratulations 👏

Just got a reward for a critical vulnerability submitted on @yeswehack -- Information Disclosure (CWE-200). yeswehack.com/hunters/skilo Big thanks to @TheLaluka for highly valuable collaboration 🥰 #YesWeRHackers

@0x4r1f That's great! Congratulations 👏

Just got a reward for a vulnerability submitted on @yeswehack -- Unrestricted Upload of File with Dangerous Type (CWE-434). #YesWeRHackers

@_axwr That's great! Congratulations 👏

Just got a reward for a vulnerability submitted on @yeswehack -- Insecure Direct Object Reference (IDOR) (CWE-639). yeswehack.com/hunters/grandpa #YesWeRHackers

@drak3hft7 Nice one drak3hft7 ! :)

First time breaking into the Top 4 of the all-time leaderboard @yeswehack 👀😼 Still a long way to go, a lot to improve, and plenty to learn. #bugbounty #YesWeRHackers #bugbountytips

🚨Critical auth bypass in the WordPress Entra ID/Azure AD SSO plugin – attackers could potentially take over admin accounts and fully compromise sites. ⚠️ Root cause, patch analysis, PoC, threat landscape and mitigation steps for CVE-2026-2628 👇 yeswehack.com/news/auth-bypa…

Ready to pwn Bucket Vault on Dojo? 🚩 Discover how you can bypass a dot-dot-slash filter and read the secret file! Hack the challenge and level up your YesWeHack profile 👉 dojo-yeswehack.com/challenge-of-t… #BugBounty #CTF

If mastering open-source hacking is on your list, don’t miss this amazing content! Our latest guide breaks down every technique clearly, from simple workflows to advanced #BugBounty methods 🙀 Start learning here 👇 yeswehack.com/learn-bug-boun…

@drak3hft7 Well done! Keep up the great work 💪

Just got a reward for a high vulnerability submitted on @yeswehack -- Business Logic Errors (CWE-840). yeswehack.com/hunters/drak3h… #YesWeRHackers

@nurmukhamyed_kh That's great! Congratulations 👏

Just got a reward for a high vulnerability submitted on @yeswehack -- Improper Access Control - Generic (CWE-284). yeswehack.com/hunters/nurka #YesWeRHackers

@_axwr Well done! Keep up the great work 💪

Just got a reward for a vulnerability submitted on @yeswehack -- Improper Access Control - Generic (CWE-284). yeswehack.com/hunters/grandpa #YesWeRHackers

@just_ismail_ Hello, It means that YesWeHack is awaiting information from the program managers. Regards, The YesWeHack team

hi @yeswehack, i got 5 reports on this, what does it mean exactly ? i've never had it before thank you

@11lunaric11 That's great! Congratulations 👏

"Simple Login Bypass"? Pwned! It was a blast on @YesWeHack! Think you can take it on? 🌟 dojo-yeswehack.com/challenge/play… #YesWeHack #ChallengeAccepted

@SarojKanxa_ That's great! Congratulations 👏

Just got a reward for a vulnerability submitted on @yeswehack -- Race Condition (CWE-364). #YesWeRHackers

Secrets leaking in HTTP responses? 🔍 The TruffleHog Burp extension by @trufflesec passively scans proxy traffic for exposed credentials - API keys, tokens, SSH keys - directly in server responses. With 800+ detector types, it even checks whether secrets are still live. 👉 github.com/trufflesecurit… #BugBountyTips

AI is changing Bug Bounty and ethical hacking - but only if you use it the right way. Treat AI as a hacking assistant, not a replacement for your knowledge and methodology. @amrelsagaei explains how in his latest video 👉 youtube.com/watch?v=Pi-sdK…

“I was able to reset the password of every account in a large medical company” – @aituglo on his biggest #BugBounty find to date 💥 In this Q&A, he also shares how his dev background helps him find bugs, how he chooses targets & his top tip for newbies👇 yeswehack.com/community/deve…

Hey you! 🫵 What’s your favourite CWE? Our pick: CWE-78 Command Injection 💉 Don’t see your fav in the poll? Drop your go-to CWE in the comments 👇 #BugBountyTips

@Ussefessam1 That's great! Congratulations 👏

Just completed the "Dojo #50 - Bucket Vault" challenge on @YesWeHack! Level up with me! 🌟 dojo-yeswehack.com/challenge/play… #YesWeHack #ChallengeAccepted

Discover our vision for managing modern threats 👇 yeswehack.com/news/map-test-…

Underpinning this evolution is a continuous four-step cycle: 🗺️ Map → Continuously monitor your evolving attack surface 🧪 Test → Build and manage multilayered testing strategies 🛠️ Fix → Prioritise and remediate based on real-world risk 📋 Comply → Maintain continuous assurance and demonstrate your security posture

Finding vulnerabilities is only half the battle. Managing them across an expanding attack surface is the real challenge. That’s why @YesWeHack has evolved into an Offensive Security and Exposure Management platform, helping teams cut through alert fatigue and focus on real risk 🎯